Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 407
  • Last Modified:

Exchange 2010 errors communicating with Domain Controllers

I have three Hyper-V Servers all on one physical machine,
1. Domain Controller 1 running WIndows 2012
2. Domain Controller 2 Running Windows 2012
3. Exchange 2010 running Windows 2008 R2

after a few months running just fine, suddenly the Exchange server is complaining it cannot find the DC's.

I get the Application Error logs saying Event ID 2604 MSExchangeADAccess
Eventi ID 2103, 2114, and 2102.

I already looked at the Default Domain Security settings where you make sure it is the Local Domain Controllers policy and not just the Local Domain policy.

Then I reboot and it seems fine...for awhile. Any ideas?
0
garyoh
Asked:
garyoh
  • 4
  • 2
1 Solution
 
JaihuntCommented:
Hi

Did you check any DNS issues in the DC's. Check Network issues also. What is the primary and secondary DNS settings for the DC's.

Thanks
  Jai
0
 
garyohAuthor Commented:
For the dc's, I have each one pointing to itself first and to the other second.
I did have a strange thing when I pinged the dc's from the exchange box by name: it pinged the IP v6 address and all boxes now have IP v6 disabled in the net adapter properties. Should I have IP  v6 on? I also see IP v6 entries in the DNS tables on both dc's. also when I run dcdiag, I do get some errors about replication. Should I have IP v6 all on or all off? And, if all off, should I manually delete all IP v6 entries in the DNS tables? Just curious.
0
 
JaihuntCommented:
Disable the IPv6 and remove the entries also make sure you are able to resolve the dc from exchange. what replication errors you get from DC
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
garyohAuthor Commented:
I did mention these are all Hyper-V instances on a single physical server, right? I don't know if that matters or not. I would not think so.

When I tried to ping the dc's from the exchange server, I get this:
Pinging DC2012-1.mydomain.local from [ipv6 address] with 32 bytes of data:
General failure.
General failure.
General failure.
General failure.
ping statistics for [ipv6 address]:
sent=4, received = 0

when I run "dcdiag /s:DC2012-1", I get errors here:
"NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have Replicating Directory Changes in Filtered Set access rights for the naming context:
...all the DC stuff here"

That's it.

I did go into the DNS servers and remove the ip v6 entries from there except for two which are these:
in forward Look zones --> mydomain.local --> there is a "(same as parent folder) IPv6 (AAAA) [IPv6 Address] and a date"
Should those get deleted as well?

Thanks for your help
0
 
garyohAuthor Commented:
We called Microsoft Tech Support and got them involved. The solution was completed by a Tech there with one of my techs. Unfortunately, I have no input on the final solution. Sorry.
0
 
garyohAuthor Commented:
No solution was provided except by MS.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now